1. INTRODUCTION

In this article we research some methods of storing data in the cloud for a given time using secret
sharing technology. The task is to encrypt data so that it can be decrypted only after a specified time in the future.
There are interesting practical applications for solving this problem. For example, we can ensure that diaries, 
records, or other data are “sealed” for a certain period of time, and in such a way that even the author of this 
data could not “unseal” them before the specified period. A useful practical application can be to protect 
important data that has been obtained as a result of some scientific research or experiments, until they are 
completed and published. This may be necessary to prevent information leaks or pressure from any interested 
parties. For example, when bidding, you can hide bidders’ price offers until the end of the trading session. 
Another case is when intermediate voting data can be protected until it is completed in order to avoid 
affecting the voting process. The scope of the solution to the problem of sending a secret client’s data to the 
future can be very extensive and includes not only auctions and voting, but also e-commerce, financial 
markets and their regulation, and law. 

A number of interesting approaches to solving the problem of encryption in the
future have been described. Many researchers used the so-called “time-lock puzzles” to solve this problem and
described an encryption scheme with partial key escrow (partial key escrow protocol). In [1], a cryptographic
protocol is built that encrypts client data in such a way that decryption of this data is guaranteed no earlier than
the specified exact time, even if this decryption is undesirable for the sender. This protocol is based on the
Pedersen distributed key generation protocol, the Feldman verifiable threshold secret sharing protocol, and
the El Gamal encryption algorithm. Rabin and Thorpe noted a difference between existing protocols such as
theirs, in which the time from the moment of encryption to the moment of decryption is fixed, and other
protocols that only give an estimate of this time or set a lower limit to the estimate. Their solution to the
problem of encryption in the future was called time-lapse cryptography (TLC). The authors of TLC received a
patent [2] for their invention. A cryptographic protocol for encrypting data for a given time, based on TLC,
was presented in [3]-[6]. This protocol is based on a distributed key generation protocol built on the discrete
logarithm on elliptic curves, the Pedersen verifiable threshold secret sharing protocol and the El Gamal
encryption algorithm on elliptic curves. The protocol was called elliptic curve time-lapse cryptography (ECTLC).

This research is intended to solve the problem of deploying a secure and reliable distributed network
of participants of a service that provides key generation. The scientific novelty of this research is that
the protocol of encryption for a given time is assumed to be based on new, more efficient algorithms that
expand its functionality. In particular, to ensure data encryption for a sufficiently long time, it is assumed to
use the proactive secret sharing protocol. To date, various variants of proactive secret sharing have been
developed, for example in the works [7], [8]. The protocol presented in section 2 will be a combination
of 4 known protocols: i) distributed key generation protocol, ii) asymmetric encryption algorithm protocol,
iii) proactive secret sharing protocol, and iv) electronic digital signature algorithm.

The protocol provides for the use of the agreed parameters of an asymmetric encryption algorithm,
such as a prime number $p$ and a generating element $g$ of prime order $q$ in the case of the El Gamal
encryption algorithm, or an elliptic curve modulo a prime number $p$, the elliptic curve equation, the equation
coefficients $a$ and $b$ of the field $F_p$, and the elliptic curve point $G$ of prime order $q$ in the case of the
El Gamal encryption algorithm on elliptic curves. Therefore, it will be necessary to research and select the most
effective algorithms, protocols, and parameters for the protocol being developed.

The main stages of the protocol are supposed to be as follows: 

1) Key generation using distributed key generation and proactive secret sharing protocols. The service
can generate keys on a repeating basis; for instance, it can create keys with a service life of one month
every week, or it can create keys with a service life of 2 hours every 30 minutes. This schedule is posted
by managers on an open information stand. In addition, the service can receive requests from
clients to generate new keys with a specified service life; workers of the service receive these requests
and then post them on an open information stand. Service workers create keys according to the
protocol. Afterwards, managers of the service sign the set of keys and publish the signed set of keys on an open
information stand.

2) Encrypting data using public keys generated by the Service, with a specified period. 

3) Decryption of data using private keys that are generated by the Service when the specified period is 
reached. 

Section 3 is dedicated to the research and development of secure outsourcing methods for storing
data using secret sharing technology. Such problems are especially relevant in the context of the rapid
development of the internet of things (IoT) [9]-[25]. Chips, smart cards and other physically small devices,
as a rule, have significant memory limitations, so there is a need to use cloud storage as an auxiliary tool
for secure data storage. The idea of the new approach is to develop a method for storing data using various
cryptographic solutions, such as Shamir's secret sharing method and the Diffie-Hellman key distribution protocol.


2. METHOD OF STORING DATA IN DISTRIBUTED SERVERS 

So, in this section, we explore a simple protocol model for storing client data for a given time.
Participants in the model under consideration: i) the portal, which accepts applications from clients for storing
confidential information (data), ii) the client, a user of the portal, and iii) the service, which is three distributed
servers, remote from each other. It is assumed that the servers do not collude with each other, that is, they do not
transmit confidential data to each other.

General description of the model: i) the client makes a standard entrance to the portal, ii) the client
sends a request to the portal to encrypt the data, and iii) the portal sends the client’s request to the service,
specifying the client’s identifier, the time the request was sent and the time before which the client’s data
cannot be decrypted.

— Step 1: each server receives a request from the client to encrypt data for a specified time, generates its
own private key, calculates its own public key and sends it to the other servers in the service. That is, let
$g$ and $p$ be public parameters, where the number $g$ is a primitive root modulo $p$, and let the numbers
$x_1, x_2, x_3$ be the secret keys of the three servers, respectively.

Server 1 generates its public key $h_1 = g^{x_1} \bmod p$; similarly, servers 2 and 3 generate their public keys
$h_2 = g^{x_2} \bmod p$ and $h_3 = g^{x_3} \bmod p$, respectively. All three servers exchange their public keys
with each other (Figure 1).

Figure 1. Description of step 1


Step 2: each server receives the public keys of the other servers, calculates the shared public key
$h = h_1 h_2 h_3 \pmod p$, saves it in its database with binding to the client identifier (ID) and time
parameters specified in the request, and sends the calculated public key $h$ to the portal.

Step 3: the portal sends the received public key $h$ to the client. Next, the client generates a symmetric
key $s$ for data encryption, encrypts his data with this key, then encrypts the symmetric key with the
received public key $h$ according to the El Gamal scheme:

$$a = g^k \bmod p, \quad b = h^k s \bmod p, \quad (k, p-1) = 1, \quad 1 < k < p$$

and sends the encrypted data and the encrypted symmetric key $(a, b)$ to the portal.


Step 4: the portal saves the received encrypted data and the encrypted key in its database with reference 
to the client ID and time parameters specified in the request. 

Step 5: the portal, upon reaching a time before which it is impossible to decrypt the client’s data, or later 
than this time, sends a request to the service to obtain a private key indicating the client’s identifier, 
public key and time parameters. 

Step 6: each service server receives the request and sends its own private key to the rest of the servers. Each
server of the service receives the private keys of the other servers, calculates the shared private key
$x = x_1 + x_2 + x_3 \pmod{\varphi(p)}$, stores it in its database with binding to the corresponding shared
public key, and sends the private key to the portal (Figure 2).

Figure 2. Description of step 6


Step 7: the portal receives the private key $x$, and decrypts the symmetric key with this key:

$$s = b (a^x)^{-1} \bmod p$$

And then it decrypts the client’s data. Indeed, there is a chain of equalities:

$$h = h_1 h_2 h_3 \bmod p = \{(g^{x_1} \bmod p)(g^{x_2} \bmod p)(g^{x_3} \bmod p)\} \bmod p = g^x \bmod p$$
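
Steps 1 to 7 can be traced end to end in the following added example, which is not code from the paper. The modulus `P`, the base `G`, the `Server` class and all function names are assumptions chosen for illustration, and the portal is modelled as collecting the three private keys directly.

```python
import secrets
from math import gcd

P = 2**127 - 1  # toy prime modulus (assumption; not a production-size group)
G = 3           # public base g (assumption; its primitivity is not checked here)

class Server:
    """One of the three non-colluding servers of the service."""
    def __init__(self):
        self._keys = {}  # (client_id, unlock_time) -> private key x_i

    def public_key(self, client_id, unlock_time):
        # Step 1: fresh private key x_i, public key h_i = g^{x_i} mod p.
        x_i = secrets.randbelow(P - 3) + 2
        self._keys[(client_id, unlock_time)] = x_i
        return pow(G, x_i, P)

    def private_key(self, client_id, unlock_time, now):
        # Step 6 precondition: nothing is released before the unlock time.
        if now < unlock_time:
            raise PermissionError("unlock time not reached")
        return self._keys[(client_id, unlock_time)]

def shared_public_key(h_parts):
    # Step 2: h = h_1 * h_2 * h_3 mod p.
    h = 1
    for h_i in h_parts:
        h = h * h_i % P
    return h

def shared_private_key(x_parts):
    # Step 6: x = x_1 + x_2 + x_3 mod phi(p), with phi(p) = p - 1 for prime p.
    return sum(x_parts) % (P - 1)

def encrypt_key(h, s):
    # Step 3: a = g^k mod p, b = h^k * s mod p, gcd(k, p - 1) = 1, 1 < k < p.
    if not 0 < s < P:
        raise ValueError("symmetric key must be in 1..p-1")
    k = 0
    while gcd(k, P - 1) != 1:
        k = secrets.randbelow(P - 2) + 2
    return pow(G, k, P), pow(h, k, P) * s % P

def decrypt_key(x, a, b):
    # Step 7: s = b * (a^x)^{-1} mod p.
    return b * pow(pow(a, x, P), -1, P) % P

def run_protocol(client_id, unlock_time, now):
    # Returns (original s, recovered s, whether g^x mod p equals h).
    servers = [Server() for _ in range(3)]
    h = shared_public_key([sv.public_key(client_id, unlock_time) for sv in servers])
    s = secrets.randbelow(2**120) + 1  # constructed symmetric key
    a, b = encrypt_key(h, s)
    x = shared_private_key([sv.private_key(client_id, unlock_time, now) for sv in servers])
    return s, decrypt_key(x, a, b), pow(G, x, P) == h
```
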

3. METHOD OF STORING DATA IN AN UNSECURE SERVER

Suppose a client wants to store his data (files, drawings, and photographs) on outsourcing, that is,
in cloud storage. For the exchange of information between clients and the server, standard secure
information exchange protocols can be used. The problem is that the cloud storage (server) is not trusted.
That is, during the storage period of the received data, intruders may intervene, although the server itself,
which is considered an automated system, does not deviate from the interaction protocol. That is, the
server, for its part, wants by protocol to protect itself from such unauthorized interventions as substitution
of information and distortion of data content, precisely during the period of data storage. Thus, the data
transmitted to the server is not secret, but the server wants to avoid distortion and substitution of
information by intruders, and therefore performs all the actions described in the information exchange and
data storage protocols.

In addition, let us assume that the server itself does not violate the interaction protocol at the time of
transmission and exchange of information with clients, that is, there is no information leakage. But long-term
storage of the data itself in the cloud can be unsafe; therefore, the original data, after being transferred to the
server, must be kept encrypted using standard symmetric encryption algorithms, such as the GOST block cipher
and the advanced encryption standard (AES). Thus, for each client and the server, the task is to generate a shared
secret key that will be used by the server as the encryption key for the data of a particular client. In such a model,
the server is interested, by protocol, in “forgetting” this key while being able to recover it to decrypt the
data only with the participation of the client who owns the data.


3.1. Data storage method using classical asymmetric cryptography 
So, let’s say client $i$ needs to send data to the cloud for storage in encrypted form.
— Step 1: client $i$ and the server choose a sufficiently large prime $p$ and a number $d$. The client $i$ and the
server, independently of each other, choose random natural numbers $a$ and $b$, respectively.
Next, client $i$ calculates the number $A_i$:

$$A_i = d^a \bmod p,$$

and the server finds the number $B$:

$$B = d^b \bmod p.$$

Here the number $a$ is the secret key of the client $i$; $b$ is the server’s private key. The numbers $A_i$ and $B$
are the public keys of the client and server, respectively.

— Step 2: key distribution is carried out using the well-known Diffie-Hellman protocol:

1) Client $i$ calculates its public key $A_i = d^a \bmod p$ and sends it to the server, and the server sends its
public key $B = d^b \bmod p$ to the client.

2) The server calculates the number $Q_i = A_i^b \bmod p$, and the client similarly calculates the same number
$Q_i = B^a \bmod p$, because $B^a \bmod p = d^{ab} \bmod p = A_i^b \bmod p$.

3) As a distributed key $k_i$ take the number $Q_i$. That is, we have a shared secret key between a specific
client $i$ and the server: $k_i$.

4) The server encrypts (for example, with AES or GOST) the original data of client $i$ using the shared secret $k_i$,
and stores the encrypted data in its own storage. We denote this encrypted data $F(i)$.

5) Now the client $i$ and the server delete from their storages the numbers $a$ and $b$, respectively, that is, they
“forget” them. This protocol agreement to “forget” the private keys is mandatory and is performed in
an automated manner, both on the client side and on the server side.

— Step 3: using Shamir's secret sharing technology:

1) Let $l$ denote the value of the product of two numbers: $l = Q_i A_i \bmod p$;

2) Server and client independently form the same polynomial

$$f(x) = k_i + l x \bmod p$$

3) Server and client randomly split the shared secret $k_i$ into two keys using Shamir’s secret sharing
technology. Let us denote them $S(i) = (x_1, f(x_1))$ and $C(i) = (x_2, f(x_2))$. Both the server and the client
keep these shared secrets and keep them secret.

4) Now the server and client delete from their stores the numbers $k_i$ and $l$ of the polynomial
$f(x) = k_i + l x$, that is, they “forget” these parameters according to the protocol. Before removing the
key $k_i$ the server calculates the hash value $h(k_i)$ and this value is sent to the server store.

— Step 4: the server forms the client base, that is, for each client $i$, only the following information will be
stored: i) $h(k_i)$ (hash value of the key $k_i$), ii) $S(i)$ (shared server secret), iii) $A_i$ (client's public key),
and iv) $F(i)$ (encrypted data of customer $i$).

Here $h(k_i)$ is the value of a cryptographic hash function (such as SHA-3) of the distributed shared
key $k_i$ between client $i$ and the server. Hash storage is required for client authentication. Note that the
information in the server’s client base is sufficient for the server to recover the shared secret $k_i$, which will
then be used to decrypt the data and then transfer the decrypted data back to the client. Thus, this algorithm
makes it possible to store client data safely in the cloud in encrypted form. At the same time, it is easy to see that
the resistance of the protocol to active and passive attacks is ensured due to the reliability of the cryptographic
system Rivest-Shamir-Adleman (RSA), but on the condition that all parties of the client-server interaction do
not deviate from the protocol.
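
The following added example, which is not code from the paper, carries steps 1 to 4 through with a toy modulus and then recovers $k_i$ in two ways: from both shares $S(i)$ and $C(i)$, and from the server's stored record alone, as the paragraph above notes is possible. `P`, `D`, the record layout and all function names are assumptions for illustration.

```python
import hashlib
import secrets

P = 2**127 - 1  # toy prime modulus p (assumption; not a production-size group)
D = 3           # public base d (assumption)

def key_hash(k):
    # h(k_i): SHA3-256 over the 16-byte big-endian encoding of k_i.
    return hashlib.sha3_256(k.to_bytes(16, "big")).hexdigest()

def agree():
    # Steps 1-2: Diffie-Hellman; a and b go out of scope here ("forgotten").
    a = secrets.randbelow(P - 3) + 2
    b = secrets.randbelow(P - 3) + 2
    A, B = pow(D, a, P), pow(D, b, P)
    q_server, q_client = pow(A, b, P), pow(B, a, P)
    if q_server != q_client:
        raise RuntimeError("key agreement failed")
    return A, q_server  # (A_i, k_i = Q_i)

def split(k, A):
    # Step 3: l = Q_i * A_i mod p, f(x) = k_i + l*x mod p, two points on f.
    l = k * A % P
    while True:
        x1 = secrets.randbelow(P - 1) + 1
        x2 = secrets.randbelow(P - 1) + 1
        # Distinct abscissas, and 1 + A_i*x1 must be invertible mod p.
        if x1 != x2 and (1 + A * x1) % P != 0:
            break
    return (x1, (k + l * x1) % P), (x2, (k + l * x2) % P)  # S(i), C(i)

def enroll():
    # Step 4: the server keeps h(k_i), S(i), A_i; the client keeps C(i).
    # k is returned only so that the result can be checked afterwards.
    A, k = agree()
    S, C = split(k, A)
    return {"hash": key_hash(k), "S": S, "A": A}, C, k

def recover_with_client(record, C):
    # Line through S(i) and C(i), evaluated at x = 0 (Lagrange interpolation).
    (x1, y1), (x2, y2) = record["S"], C
    k = (y1 * x2 - y2 * x1) * pow((x2 - x1) % P, -1, P) % P
    return k if key_hash(k) == record["hash"] else None

def recover_from_record(record):
    # f(x1) = k_i * (1 + A_i*x1) mod p because l = k_i * A_i,
    # so S(i) and A_i from the client base are enough.
    x1, y1 = record["S"]
    k = y1 * pow((1 + record["A"] * x1) % P, -1, P) % P
    return k if key_hash(k) == record["hash"] else None
```

Because the stored record alone yields $k_i$, the server's client base needs the same protection as the key itself.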


3.2. Data storage method using elliptic curve cryptography 

In this section, we will show an analogue of the data storage method described above, but using elliptic
curve cryptography [21]. So let’s say client $i$ needs to send big data to the cloud for encrypted storage.
— Step 1: let the general elliptic curve be chosen

$$E_p(a,b): y^2 = x^3 + ax + b \bmod p, \quad (4a^3 + 27b^2) \bmod p \neq 0,$$

and the point $G$ on it is a generator, that is, $G, [2]G, [3]G, \ldots, [q]G$ are different points, and $[q]G = O$ for
some prime number $q$.

Client $i$ chooses a random number $r_i$, $0 < r_i < q$, which it stores as its secret key, and calculates a
point on the curve $R_i = [r_i]G$, which will be his public key. Likewise, the server randomly generates the
number $d_i$, $0 < d_i < q$, which it stores as its secret key, and calculates a point on the curve $D_i = [d_i]G$.

The following parameters are public data: $p, a, b, G, q$.

— Step 2: key distribution is carried out using the well-known Diffie-Hellman protocol on an elliptic
curve:

1) Client $i$ calculates its public key $R_i = [r_i]G$ and sends it to the server, and the server sends its public key
$D_i = [d_i]G$ to the client;

2) The server calculates the point $Q_i = [d_i]R_i$, and the client computes the same point in the same way,
$Q_i = [r_i]D_i$, since $d_i R_i = d_i r_i G = r_i D_i$;

3) As a distributed key $k_i$ take the first coordinate $x_1$ of the point $Q_i(x_1, y_1)$. That is, we have a shared
secret between client $i$ and the server: $k_i = x_1$.

4) The server encrypts the original data of client $i$ using the shared secret $k_i$, and stores the data in
encrypted form in its storage. We denote this encrypted data $F(i)$.

5) Now the server and client $i$ delete the private keys $d_i$ and $r_i$, respectively, that is, they “forget” them.

— Step 3: using Shamir’s secret sharing technology:

1) Let us denote by $x_L$ the value of the first coordinate of the sum of two points on the elliptic curve,
$Q_i + R_i = L$;

2) Server and client now independently form the same polynomial

$$f(z) = k_i + x_L z \bmod q$$

3) Server and client randomly split the shared secret $k_i$ into two keys using Shamir’s secret sharing
technology. Let us denote them $S(i) = (z_1, f(z_1))$ and $C(i) = (z_2, f(z_2))$. Both the server and the client
keep these shared secrets and keep them secret.

4) Now the server and client delete the points $Q_i$ and $L$ from their repositories, and also remove the numbers
$k_i$ and $x_L$ of the polynomial $f(z) = k_i + x_L z$, that is, they “forget” these points and numbers. Before removing
the key $k_i$ the server calculates the hash value $h(k_i)$ and this value is sent to the server store.

— Step 4: the server forms the client base, that is, for each client $i$, only the following information will be
stored: i) $h(k_i)$ (hash value of the key $k_i$), ii) $S(i)$ (shared server secret), iii) $R_i$ (client’s public key),
and iv) $F(i)$ (encrypted data of customer $i$).

Here $h(k_i)$ is the value of a cryptographic hash function (such as SHA-3) of the distributed shared
key $k_i$ between client $i$ and the server. Hash storage is required for client authentication. As in the previous case,
the information in the server’s client base is sufficient for the server to recover the shared secret $k_i$, which
will then be used to decrypt the data and then transfer the decrypted data back to the client. As we can see,
the elliptic curve cryptographic system was used by analogy with classical cryptography in the task of storing
data in the cloud. But elliptic curve cryptography has clear advantages in practical implementation, has
greater resistance to attacks, and so on.


4. CONCLUSION 

In this paper, new protocols for secure storage outsourcing are presented. Based on the
cryptographic protocol described in section 2, it is possible to design new cryptographic systems that encrypt
the data of a client for a given time. The need for such a cryptographic application exists in the Republic of
Kazakhstan. In particular, this problem is also relevant for the web portal of electronic public procurement of
the Republic of Kazakhstan, which provides encryption of the data of users of the portal (suppliers), with the
ability to decrypt clients’ data after a certain time. The developed protocol will allow developing an
alternative approach to solving the problem of the electronic public procurement portal, and will ensure the
impossibility of interference in the public procurement process both on the part of the customer and supplier,
and on the part of the portal administration.